<!DOCTYPE html>

<html>
<head><title>Account Management</title></head>

<fieldset>
<legend>Account Management</legend>

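<?php include("../db.php");
session_start();
// Both helpers come from ../db.php, which is not visible here. Every handler
// on this page is admin-only, so authenticate_admin() must stop the request
// (redirect/exit) for non-admins rather than just print — NOTE(review): confirm.
check_inactive();
authenticate_admin();

// SECURITY(review): the database password is hard-coded in a file that sits
// under the web root and in version control. Move it to an environment
// variable or a config file outside the web root, and rotate the credential.
$db=pg_connect("host=dbsrv1 dbname=csc309g7 user=csc309g7 password=aiboid4p");

// Check the connection BEFORE dispatching any operation. The original called
// account_operation_handler() first, so a failed connect still ran the
// create/search/delete queries against a missing link.
if(!$db)
{
	echo "database connection failed<br/>";
	exit;
}

// Dispatches the create/search/delete POSTs; the search and delete branches
// print their result and exit(), so the forms below only render on a plain GET
// or after a create.
account_operation_handler();

// SECURITY(review): none of the forms below carry a CSRF token, so a page the
// admin merely visits can submit them on their behalf (create an admin, delete
// a user). Emit a per-session token as a hidden field and verify it in
// account_operation_handler() before acting.

//Create an admin account
echo "<table border='1'><tr><td><strong>Create Admin Account</strong></td></tr>";
echo "<tr><td>";

echo "<form action= Account_Management.php method='post'>";
echo "Username: <input type='text' name='username_c'/><br/>";
echo "Password: <input type='password' name='password_c'/><br/>";
echo "Email: <input type='text' name='email_c' /><br/>";
echo "Your name: <input type='text' name='name_c'/><br/>";
echo "<input type='hidden' name='admin_user' value='two' />"; // presence of this field is what selects the create branch in the handler
echo "<input type='submit' value='submit'/> <br/>";
echo "</form>";
echo "</td></tr>";
echo "</table><br/>";


//search and delete an account
echo "<table border='1'><tr><td><strong>Search Accounts</strong></td></tr>";
echo "<tr><td>";
echo "<form action='Account_Management.php' method='post'>";
echo "<input type='text' name='inputs'><br/>";
echo "Search by name: <input type='radio' name='user' value='username' checked='checked'/><br/>";
echo "Search by userID: <input type='radio' name='user'  value='userid' /><br/>";
echo "<input type='submit' value='submit'/><br/>";
echo "</form>";
echo "</td></tr>";
echo "</table>";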


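/**
 * Inserts a new row into `people` from the "Create Admin Account" form.
 *
 * Reads username_c, password_c, email_c, name_c and admin_user from $_POST.
 * Does nothing if any of them is absent. Prints "Create account failed. " and
 * exits if the insert is rejected by the database.
 */
function create_account()
{
	// isset() on the $_POST key itself avoids an undefined-index notice on a
	// hand-crafted POST that omits a field; the gate below then skips the insert.
	$c_username = isset($_POST['username_c']) ? $_POST['username_c'] : null;
	$c_password = isset($_POST['password_c']) ? $_POST['password_c'] : null;
	$c_email    = isset($_POST['email_c'])    ? $_POST['email_c']    : null;
	$c_admin    = isset($_POST['admin_user']) ? $_POST['admin_user'] : null;
	$c_name     = isset($_POST['name_c'])     ? $_POST['name_c']     : null;

	if (isset($c_username) && isset($c_password) && isset($c_email) && isset($c_admin) && isset($c_name))
	{
		// SECURITY(review): the password is stored exactly as submitted. The
		// login check lives in ../db.php and is not visible here, so switch both
		// sides together to password_hash()/password_verify() — changing only
		// this insert would lock the new account out.
		//
		// Parameterised insert: the original concatenated all four form values
		// into the SQL text, so a single quote in any of them was an injection.
		// The literal trailing columns ('1', 'none', '2', '2') are unchanged from
		// the original; $c_admin ('two' from the hidden field) is only used as a
		// presence check, as before.
		$create = 'insert into people values(default,$1,$2,$3,$4,\'1\', \'none\',\'2\',\'2\')';
		$insert = pg_query_params($create, array($c_username, $c_password, $c_name, $c_email));

		if (!$insert)
		{
			echo "Create account failed. ";
			exit;
		}
	}
}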

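/**
 * Looks up accounts by username or userid and prints them as an HTML table,
 * each row carrying a one-click delete form.
 *
 * Reads `user` ("username" | "userid") and `inputs` from $_POST. Prints
 * "Search failed. " and returns if the query could not be run (missing field,
 * unknown radio value, or a database error such as a non-numeric userid).
 */
function search_account()
{
	$s_user   = isset($_POST['user'])   ? $_POST['user']   : null;
	$s_inputs = isset($_POST['inputs']) ? $_POST['inputs'] : null;
	$result   = false;

	if (isset($s_user) && isset($s_inputs))
	{
		if ($s_user == "userid")
		{
			// Parameterised: the original appended the raw input unquoted, so
			// "1 or 1=1" listed every account. Postgres rejects a non-integer
			// bound here, which surfaces as $result === false below.
			$search = 'select * from people where userid=$1';
			$result = pg_query_params($search, array($s_inputs));
		}
		else if ($s_user == "username")
		{
			$search = 'select * from people where username=$1';
			$result = pg_query_params($search, array($s_inputs));
		}
	}

	// The original passed an undefined $result to pg_fetch_assoc() when the
	// radio value matched neither branch or the query failed.
	if (!$result)
	{
		echo "Search failed. ";
		return;
	}

	echo "<table border='1'><tr><td>";
	echo "userid</td><td>username</td><td>name</td><td>account status</td><td>Operation</td></tr>";

	while ($account_array = pg_fetch_assoc($result))
	{
		// These columns were supplied by the user at registration, so they are
		// attacker-controlled; escape for the HTML/attribute context. The original
		// echoed them raw into the admin's page (stored XSS).
		$userid   = htmlspecialchars((string) $account_array['userid'],     ENT_QUOTES, 'UTF-8');
		$username = htmlspecialchars((string) $account_array['username'],   ENT_QUOTES, 'UTF-8');
		$name     = htmlspecialchars((string) $account_array['name'],       ENT_QUOTES, 'UTF-8');
		$status   = htmlspecialchars((string) $account_array['admin_user'], ENT_QUOTES, 'UTF-8');

		echo "<tr><td>" . $userid . "</td><td>" . $username . "</td><td>" . $name . "</td><td>" . $status . "</td><td>";
		echo "<form action='Account_Management.php' method='post'>";
		echo "<input type='hidden' name='delete_account' value='" . $userid . "'>";
		echo "<input type='submit' value='delete'></td></tr>";
		echo "</form>";
	}
	echo "</table>";
}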

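/**
 * Deletes the `people` row whose userid was posted in `delete_account`.
 *
 * Does nothing if the field is absent. Prints "Delete failed. " if the
 * database rejects the statement (the original ignored the return value).
 */
function delete_account()
{
	$dd_userid = isset($_POST['delete_account']) ? $_POST['delete_account'] : null;
	if (!isset($dd_userid))
	{
		return;
	}

	// NOTE(review): rows referencing this user in friends, usergame, ratings and
	// votes are not removed here — the original only had commented-out,
	// half-written statements for them. Confirm the schema cascades on delete;
	// otherwise those rows are orphaned.

	// Parameterised: the original concatenated the POSTed id unquoted, so a
	// value like "1 or 1=1" deleted every account.
	$deleting = 'delete from people where userid=$1';
	$deleted  = pg_query_params($deleting, array($dd_userid));

	if (!$deleted)
	{
		echo "Delete failed. ";
	}
}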

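/**
 * Routes a POST to create_account(), search_account() or delete_account()
 * based on which form field is present and non-empty.
 *
 * The search and delete branches print a "go back" link and exit(), so the
 * page's forms are not rendered after them; the create branch falls through.
 */
function account_operation_handler()
{
	// SECURITY(review): every branch acts on a bare POST with no CSRF token, so
	// any page a logged-in admin visits can create or delete accounts through
	// them. Verify a per-session token here once the forms carry one.
	//
	// !empty() keeps the original truthiness test (so "" and "0" are still
	// ignored) but no longer raises an undefined-index notice when the request
	// lacks the key, which is the normal case for two of the three checks.
	if (!empty($_POST['admin_user']))
	{
		create_account();
	}
	if (!empty($_POST['inputs']))
	{
		search_account();
		echo "Please <a href='Account_Management.php'>click me</a>  to go back!<br/>";
		exit;
	}
	if (!empty($_POST['delete_account']))
	{
		delete_account();
		echo "Please <a href='Account_Management.php'>click me</a>  to go back!<br/>";
		exit;
	}
}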

?>

</fieldset>
</html>
